It probably isn't a security "hole", but a security "leak" as people can get information about your NFS mounts. Don't run it if you don't need it.
Remote Procedure Calls are supposed to be independent of TCP/UDP port numbers and are assigned a port number by the "port mapper" (tcp port 111 "sunrpc"). So there shouldn't be a well known port, but you could probably guess if you had to.
Try running "rpcinfo -p <hostname>" to see if rquotad is running.
"nmap -sR -p1- <hostname>" should also show something interesting, by my nmap doesn't seem to delve into the RPC info (just unknowns).
I found this short overview of the RPC protocol: http://www.rhyshaden.com/rpc.htm
It also has links to the relevant RFCs.
Hope that helps,